A comprehensive security analysis platform combining threat intelligence, digital forensics, network scanning, and system auditing in one unified interface.
- Multi-source Lookups: IP, Domain, URL, File Hash analysis
- API Integration: VirusTotal, AbuseIPDB, AlienVault OTX, URLScan, Shodan
- Real-time Analysis: Live threat data from 5+ intelligence sources
- Static Analysis: PE parsing, entropy calculation, string extraction
- Hash Generation: MD5, SHA1, SHA256
- Multi-engine Scanning: Hybrid Analysis, MetaDefender, VirusTotal
- Evidence Collection: System information, running processes, browser history
- USB Device History: Registry-based USB artifact analysis
- Automated Reporting: JSON evidence export
- Network Discovery: Host discovery and ping sweeps
- Port Scanning: Common service port detection
- Service Detection: Banner grabbing and service identification
- Startup Analysis: Auto-start program inspection
- Service Enumeration: Windows service auditing
- Security Assessment: Firewall status and system hardening checks
- Python 3.8+
- Windows 10/11 (Linux support in development)
# Clone repository
git clone https://github.com/APMarzuki/CyberGuardian-X.git
cd CyberGuardian-X
# Create virtual environment
python -m venv .venv
.venv\Scripts\activate # Windows
# Install dependencies
pip install -r requirements.txt
# Configure API keys
copy config.ini.example config.ini
# Edit config.ini with your API keys
# Run application
python app.py
Dependencies
See requirements.txt for complete list:
requests>=2.28 - API communication
psutil>=5.9 - System information
tkinter - GUI framework
python-magic-bin - File type detection
🔧 Configuration
Get API keys from:
VirusTotal
AbuseIPDB
AlienVault OTX
URLScan
Shodan
Add keys to config.ini:
ini
[API_KEYS]
VIRUSTOTAL_API_KEY = your_key_here
ABUSEIPDB_API_KEY = your_key_here
OTX_API_KEY = your_key_here
URLSCAN_API_KEY = your_key_here
SHODAN_API_KEY = your_key_here
🎯 Usage Examples
Threat Intelligence
python
# IP Reputation Check
Lookup Type: ip
Value: 8.8.8.8
# File Hash Analysis
Lookup Type: hash
Value: 44d88612fea8a8f36de82e1278abb02f
File Analysis
Drag & drop suspicious files for automated analysis
View PE headers, strings, entropy, and hash information
Cross-reference with multiple threat intelligence sources
Forensic Collection
One-click evidence gathering
Export comprehensive system snapshots
Browser artifact analysis
📁 Project Structure
text
CyberGuardian-X/
├── app.py # Main application launcher
├── requirements.txt # Python dependencies
├── config.ini # Configuration file
├── core/ # Core functionality
│ ├── ti_engine.py # Threat intelligence engine
│ ├── hash_utils.py # Cryptographic functions
│ └── pe_parser.py # PE file analysis
├── modules/ # Feature modules
│ ├── gui.py # Main GUI interface
│ ├── scanner.py # File scanning engine
│ ├── forensic_lite.py # Digital forensics
│ ├── net_scanner.py # Network tools
│ └── system_audit.py # Security auditing
├── apis/ # API clients
│ ├── vt_client.py # VirusTotal
│ ├── otx_client.py # AlienVault OTX
│ └── abuseipdb_client.py # AbuseIPDB
└── config/ # Configuration
└── key_loader.py # API key management
🤝 Contributing
We welcome contributions! Please see our Contributing Guidelines for details.
Fork the repository
Create a feature branch (git checkout -b feature/amazing-feature)
Commit your changes (git commit -m 'Add amazing feature')
Push to the branch (git push origin feature/amazing-feature)
Open a Pull Request
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙏 Acknowledgments
VirusTotal for file reputation services
AlienVault OTX for open threat intelligence
AbuseIPDB for IP reputation data
URLScan.io for URL analysis
Shodan for network intelligence
📞 Support
Issues: GitHub Issues
Discussions: GitHub Discussions
CyberGuardian X - Your unified platform for comprehensive security analysis and threat intelligence.
text
### **3. Essential Repository Files**
**Create these files in your repository:**
**requirements.txt** (updated):
```txt
# Core Dependencies
requests>=2.28.0
psutil>=5.9.0
python-magic-bin>=0.4.24; sys_platform == "win32"
pillow>=10.0.0
# Optional (for enhanced features)
dnspython>=2.3.0
python-whois>=0.9.0
cryptography>=41.0.0
rich>=12.6.0
tldextract>=3.4.0
# Development
pyinstaller>=5.10.0